From: Martti Rannanjärvi Date: Wed, 3 Aug 2016 09:46:21 +0000 (+0300) Subject: doveadm: add doveadm dump dcrypt-file X-Git-Tag: 2.3.0.rc1~3227 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ceee39b0d2f8f5705b05cccb010c764e9771a9bc;p=thirdparty%2Fdovecot%2Fcore.git doveadm: add doveadm dump dcrypt-file
---
diff --git a/doc/man/doveadm-dump.1.in b/doc/man/doveadm-dump.1.in
index c0a1a976be..a6b7b2d511 100644
--- a/doc/man/doveadm-dump.1.in
+++ b/doc/man/doveadm-dump.1.in
@@ -55,6 +55,9 @@ directory Uncompress an IMAP traffic log, which contains data compressed using the IMAP COMPRESSION extension. .TP
+.B dcrypt-file
+Dump metadata of a dcrypt encrypted file.
+.TP
 .B index \(rA dovecot.index, dovecot.map.index .TP
diff --git a/src/doveadm/Makefile.am b/src/doveadm/Makefile.am
index e11256d179..80ddebf20c 100644
--- a/src/doveadm/Makefile.am
+++ b/src/doveadm/Makefile.am
@@ -22,6 +22,7 @@ AM_CPPFLAGS = \
 -I$(top_srcdir)/src/lib-storage \
 -I$(top_srcdir)/src/lib-imap-storage \
 -I$(top_srcdir)/src/lib-http \
+ -I$(top_srcdir)/src/lib-dcrypt \
 -I$(top_srcdir)/src/auth \
 -DMODULEDIR=\""$(moduledir)"\" \
 -DAUTH_MODULE_DIR=\""$(moduledir)/auth"\" \
@@ -116,6 +117,7 @@ doveadm_common_dump_cmds = \
 doveadm-dump-log.c \
 doveadm-dump-mailboxlog.c \
 doveadm-dump-thread.c \
+ doveadm-dump-dcrypt-file.c \
 doveadm-zlib.c common = \
diff --git a/src/doveadm/doveadm-dump-dcrypt-file.c b/src/doveadm/doveadm-dump-dcrypt-file.c
new file mode 100644
index 0000000000..345868f137
--- /dev/null
+++ b/src/doveadm/doveadm-dump-dcrypt-file.c
@@ -0,0 +1,92 @@
+/* Copyright (c) 2016 Dovecot authors, see the included COPYING file */
+
+#include "lib.h"
+#include "dcrypt.h"
+#include "istream.h"
+#include "istream-decrypt.h"
+#include "dcrypt-iostream.h"
+#include "doveadm-dump.h"
+#include
+
+static int get_digest(const char *digest,
+ struct dcrypt_private_key **priv_key_r ATTR_UNUSED,
+ const char **error_r ATTR_UNUSED,
+ void *context)
+{
+ const char **digest_r = (const char**)context;
+ *digest_r = t_strdup(digest);
+ return 0;
+}
+
+static void dcrypt_istream_dump_metadata(const struct istream *stream)
+{
+ enum io_stream_encrypt_flags flags = i_stream_encrypt_get_flags(stream);
+ if ((flags & IO_STREAM_ENC_INTEGRITY_HMAC) != 0)
+ printf("flags: IO_STREAM_ENC_INTEGRITY_HMAC\n");
+ if ((flags & IO_STREAM_ENC_INTEGRITY_AEAD) != 0)
+ printf("flags: IO_STREAM_ENC_INTEGRITY_AEAD\n");
+ if ((flags & IO_STREAM_ENC_INTEGRITY_NONE) != 0)
+ printf("flags: IO_STREAM_ENC_INTEGRITY_NONE\n");
+ if ((flags & IO_STREAM_ENC_VERSION_1) != 0)
+ printf("flags: IO_STREAM_ENC_VERSION_1\n");
+
+ enum decrypt_istream_format format = i_stream_encrypt_get_format(stream);
+ switch (format) {
+ case DECRYPT_FORMAT_V1:
+ printf("format: DECRYPT_FORMAT_V1\n");
+ break;
+ case DECRYPT_FORMAT_V2:
+ printf("format: DECRYPT_FORMAT_V2\n");
+ break;
+ }
+}
+
+static int dcrypt_file_dump_metadata(const char *filename, bool print)
+{
+ bool ret = FALSE;
+ struct istream *is = i_stream_create_file(filename, IO_BLOCK_SIZE);
+ const char *key_digest = NULL;
+ struct istream *ds = i_stream_create_decrypt_callback(is,
+ get_digest, &key_digest);
+
+ ssize_t size = i_stream_read(ds);
+ i_assert(size < 0);
+
+ if (key_digest != NULL) {
+ ret = TRUE;
+ if (print) {
+ dcrypt_istream_dump_metadata(ds);
+ printf("decrypt key digest: %s\n", key_digest);
+ }
+ } else if (print) {
+ i_error("%s", i_stream_get_error(ds));
+ }
+
+ i_stream_unref(&ds);
+ i_stream_unref(&is);
+ return ret;
+}
+
+static bool test_dump_dcrypt_file(const char *path)
+{
+ if (!dcrypt_initialize("openssl", NULL, NULL))
+ return FALSE;
+ bool ret = dcrypt_file_dump_metadata(path, FALSE);
+ dcrypt_deinitialize();
+ return ret;
+}
+
+static void cmd_dump_dcrypt_file(int argc ATTR_UNUSED, char *argv[])
+{
+ const char *error = NULL;
+ if (!dcrypt_initialize("openssl", NULL, &error))
+ i_fatal("dcrypt_initialize: %s", error);
+ (void)dcrypt_file_dump_metadata(argv[1], TRUE);
+ dcrypt_deinitialize();
+}
+
+struct doveadm_cmd_dump doveadm_cmd_dump_dcrypt_file = {
+ "dcrypt-file",
+ test_dump_dcrypt_file,
+ cmd_dump_dcrypt_file
+};
diff --git a/src/doveadm/doveadm-dump.c b/src/doveadm/doveadm-dump.c
index de45ddf8f8..a90b20340e 100644
--- a/src/doveadm/doveadm-dump.c
+++ b/src/doveadm/doveadm-dump.c
@@ -87,7 +87,8 @@ static const struct doveadm_cmd_dump *dumps_builtin[] = {
 &doveadm_cmd_dump_log,
 &doveadm_cmd_dump_mailboxlog,
 &doveadm_cmd_dump_thread,
- &doveadm_cmd_dump_zlib
+ &doveadm_cmd_dump_zlib,
+ &doveadm_cmd_dump_dcrypt_file
 }; void print_dump_types(void)
diff --git a/src/doveadm/doveadm-dump.h b/src/doveadm/doveadm-dump.h
index b51bd1d2a1..cff366ec71 100644
--- a/src/doveadm/doveadm-dump.h
+++ b/src/doveadm/doveadm-dump.h
@@ -15,6 +15,7 @@ extern struct doveadm_cmd_dump doveadm_cmd_dump_log;
 extern struct doveadm_cmd_dump doveadm_cmd_dump_mailboxlog;
 extern struct doveadm_cmd_dump doveadm_cmd_dump_thread;
 extern struct doveadm_cmd_dump doveadm_cmd_dump_zlib;
+extern struct doveadm_cmd_dump doveadm_cmd_dump_dcrypt_file;
 void doveadm_dump_register(const struct doveadm_cmd_dump *dump);
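Review bot: In doveadm-dump-dcrypt-file.c, `dcrypt_file_dump_metadata()` makes `i_assert(size < 0);` the only handling of the `i_stream_read(ds)` result, so whether doveadm aborts depends on the contents of the file being inspected; because `test_dump_dcrypt_file` is registered as a type probe, this presumably also runs on files that are not dcrypt files at all. An assertion is not input validation: I would drop it and fold the check into the branch below, `if (size < 0 && key_digest != NULL) {`, so an unexpectedly successful read is reported as an ordinary failure. `get_digest()` hands back a `t_strdup()` copy through `context`, which is data-stack memory; if the decrypt stream closes a data-stack frame around the callback (not visible in this hunk) the later `printf` would read freed memory, so either document that assumption or use `i_strdup()` with a matching `i_free()`. Separately, the function is declared `static int` but returns a `bool`, and `cmd_dump_dcrypt_file` discards that result with `(void)`, so as far as this file shows a failed dump is only logged.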